Using AI to Level the Cyber Playing Field

iStock

Imagine what you would have done differently in your network if you could have just seen a few years into the future. Would you have been quicker to embrace the cloud? What about the time and money spent on technologies that you now don’t really use? Every wiring closet has a number of expensive “boat anchors” sitting on a shelf somewhere gathering dust. Of course, if your organization has ever been the victim of a serious breach, it’s easy to guess how you may have prepared differently for that.

Predicting the Future

The truth is, that last one isn’t really just wishful thinking. Cybersecurity professionals, myself included, have been warning organizations about the threats just around the corner for years. Some requires years of experience to understand threat actor trends and malware trajectories. But others just stare you in the face. For example, much of the recent success of the cybercriminal community has been due to their ability to successfully exploit the expanding attack surface and the resulting security gaps resulting from digital transformation that are not being properly closed. This shouldn’t be news to anyone.

While predicting what cybercriminals are going to do next can be tricky, the reverse isn’t true. When it comes to the cyber arms race, the criminal community has always had a distinct advantage in knowing what’s coming next. Organizations are constantly looking for new ways to squeeze more value out of their networks, or gain that sliver of competitive edge through the use of new technologies. And cybercriminals can predict with a high degree of certainty where many of those organizations will also neglect to apply proper security to those efforts.

There is a pattern to our failure to properly secure our networked resources, and we pay for it. According to one report, cybercriminals cost the global economy a total of $1.5 trillion last year. And the rate of growth for cybercrime looks likely to continue for some time, in spite of the billions we spend on cybersecurity solutions, unless organizations make a significant paradigm shift as to how they think about and deploy security.

Gaining the Upper Hand

To get out ahead of the traditional cycle of buying new cybersecurity solutions in response to the latest threat trends, organizations need to begin using the same sorts of technologies and strategies to defend their networks that criminals are using to compromise them. That means adopting an intelligently integrated approach that leverages the power and resources of today's enterprise.

Much of this is detailed in Fortinet’s Security Predictions for 2020. In addition to my usual predictions around the tactics and technologies that cybercriminals are likely to develop and adopt over the next few years, this year’s report focuses extensively on ways organizations can successfully gain the upper hand when it comes to their cyber adversaries. And that strategy relies heavily on two things: the development and deployment of solutions built around machine learning and artificial intelligence, and shifting to a security-driven networking strategy that takes the principle of “look before you leap” to a new level.

The Evolution and Future of AI

One of the objectives for a security-focused AI strategy is to develop an adaptive immune system for the network similar to the one in the human body. In the body, white blood cells come to the rescue when a problem is detected, acting autonomously to fight infection. In the network, Artificial Intelligence can potentially perform much the same task by identifying threats and initiating and coordinating a response. A quick review of its history can help us predict its trajectory.

The first generation of AI is already in place in some sectors. Leveraging artificial neural networks and massive databases, systems using machine learning can rapidly sift through mountains of data to provide analysis and determine a proper course of action, all at network speeds.

The next generation of AI, currently running in labs and some production environments, is able to better detect patterns by distributing learning nodes across an environment. This enhances its impact on things like access control. Some AI systems are now able to identify individuals using complex bio-footprints such as typing patterns or heartbeat rhythms, and detect even the most subtle deviations in normal network traffic to identify malicious actors and malware. Implementing this in today’s networks will require deploying regional AI-enhanced learning nodes that can collect and process local data for quick responses to events, and also share that data back to a central AI brain to deeper correlation to not only better detect suspicious patterns of behavior, but also immediately respond in a decisive manner before an attack can even be fully formed.

The third generation of AI, however, is where things begin to get really interesting. AI will still require a central brain, but rather than a hub and spoke model, it will instead exist as an interconnected web of even more intelligent machine learning regional learner nodes, much like an organic neural network. Direct information sharing between nodes will not only play a pivotal role in identifying threats in true real time, but also ensure that central protections and controls match local requirements and variations.

Getting from Here to There

Of course, none of this will matter if security isn’t deployed where cybercriminals strike. Today, different segments of the networks can’t see or talk to each other and collected threat intelligence often exists in isolation. The result is a fragmented security implementation that cybercriminals are all too eager to exploit. And this challenge is being compounded as more and more organizations rush headlong into adopting new technologies – today it’s the cloud and tomorrow it will be 5G and edge computing – without first properly considering all of the security ramifications. And that has to include prioritizing how the security to be deployed in new areas of the network will interoperate with existing systems.

Getting from where most organizations are today, to the sort of integrated and distributed security that the future will require, underscores the need to take a new approach. To start, organizations need to focus on interconnectivity and deep integration between their security devices. For machine learning systems to be successful, they not only need access to critical security information, but that data will need to be seamlessly and instantly shared across the network so can be adapted to each networked environment's unique configuration. This will also require taking a security-first approach to new network expansions to ensure that all network and security systems and devices are visible and consistently controllable from anywhere in the network.

The ability for machine learning and AI systems to take over many of the menial and detail-oriented tasks previously assigned to human resources will take a significant bite out of the growing cybersecurity skills gap. By shifting responsibilities to autonomous self-learning processes that function similarly to human autoimmune systems – hunting for, detecting, and responding to security events autonomously and in true real time – valuable cybersecurity professionals will be able to focus their unique skillsets on higher-order planning and strategy. This transition will be critical as organizations move to adopt the advanced security-driven network strategies that will help their businesses succeed in the digital marketplace of tomorrow.